The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Thursday, July 28, 2016

WELCOME to Matt Tesauro, OWASP’s New Senior Project Engineer!

We are thrilled to announce that Matt Tesauro has joined the OWASP Foundation staff as our Senior Project Engineer. Matt has been involved in InfoSec for more than 15 years and has been a volunteer with OWASP since 2008, when he created the OWASP Live CD Project for the first OWASP Summer of Code. He evolved this project into the OWASP WTE flagship project, which he still runs. Matt also co-leads the OWASP AppSec Pipeline project and is a former OWASP Foundation Board member.

The primary focus of his new role is to reinvigorate the OWASP Projects and bring automation and workflow improvements based on Agile and DevOps principles. Matt will be splitting his time 60/40 between proactive process improvements and operational items. As part of his interview process, Matt was asked to provide his preliminary thoughts on improving OWASP projects; check out his Vision for Change. The end goal is a healthy stable of projects which are simple for project leaders to contribute to and easy for the AppSec community at large to use.

Matt comes to us from Pearson, where as a Senior Software Security Engineer he improved his team’s throughput 5x by implementing DevOps and agile principles to increase automation and improve workflow. Matt has carved out a career that straddles operations and development since the early aughts. Often, his role was to be the AppSec department as well as run security operations, which meant that Matt adopted DevOps while DevOps principles were still being solidified. This perspective allowed him to see both the run and write of application development, providing a comprehensive view of Secure SDLCs. His focus on improving security workflows throughout his career so endeared him to developers that upon leaving Rackspace his dev team abandoned traditional biases against security and mourned his absence.

In addition to growing agile AppSec departments, Matt honed his skills teaching at conferences and universities including Texas A&M and University of Texas at Austin, where he was a professor in the undergraduate and graduate departments. (You can learn how to create your own AppSec Pipeline from him at AppSecUSA!)

You can follow Matt on LinkedIn or Twitter, collaborate with him on GitHub, and learn from him on SlideShare. If you are a project leader, a user of OWASP projects, or someone who wants to see AppSec progress, drop a comment below.